wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia Open in urlscan Pro
175.41.17.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/
Effective URL:
http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739
Submission: On January 14 via api (January 14th 2022, 8:07:57 am UTC) from JP — Scanned from JP

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 175.41.17.30, located in Hong Kong and belongs to XLC-AS-AP XLC GLOBAL, HK. The main domain is wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia.

This is the only time wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Line (Online)

Domain & IP information

	IP Address		AS Autonomous System
16	175.41.17.30 175.41.17.30		9744 (XLC-AS-AP...) (XLC-AS-AP XLC GLOBAL)
16	1

16 175.41.17.30 (Hong Kong)

ASN9744 (XLC-AS-AP XLC GLOBAL, HK)

ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	eo6z1on.asia ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia	97 KB
16	1

	Domain	Requested by
9	wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia	ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia
7	ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia	ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia
16	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739
Frame ID: 71B5D914A60604C085A2538CD6E67E7B
Requests: 15 HTTP requests in this frame

Frame: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/online.asp
Frame ID: 123B9A202ABC0918A464E26A44EEE0EE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Page URL
http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

97 kB
Transfer

243 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Page URL
http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	14 KB 3 KB	209ms 53ms	Document text/html	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `d9467c8a35f4ac9e978b7c1243aeca104bb618f2c251c24c15401690f13f177d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers Content-Type text/html Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Accept-Ranges bytes ETag "80af469218d81:0" Vary Accept-Encoding Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Date Fri, 14 Jan 2022 08:07:46 GMT Content-Length 3039
GET H/1.1	200 OK	drop_ip.asp Show response ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	0 409 B	136ms 85ms	Script text/html	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/drop_ip.asp Requested by Host: ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/html Cache-Control private Content-Length 119
GET H/1.1	200 OK	3jitiaozhuan.js Show response ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	1 KB 1 KB	99ms 48ms	Script application/x-javascript	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/3jitiaozhuan.js Requested by Host: ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `fc4823690b726cc8fb57ed8f7af0e538936210486cb04bcbc2d1f2860bbe8e93` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "80836d9218d81:0" Vary Accept-Encoding Content-Type application/x-javascript Accept-Ranges bytes Content-Length 747
GET H/1.1	200 OK	jquery-1.9.1.min.js ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/	90 KB 41 KB	101ms 51ms	Script application/x-javascript	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/jquery-1.9.1.min.js Requested by Host: ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "c0cb7b9218d81:0" Vary Accept-Encoding Content-Type application/x-javascript Accept-Ranges bytes Content-Length 41461
GET H/1.1	200 OK	layer.js Show response ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/	3 KB 2 KB	99ms 49ms	Script application/x-javascript	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/layer.js Requested by Host: ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `e638d65e345e5dce62ec180305e47d5d5afeb05584dd031b47bc091c5771ee2c` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "202d7e9218d81:0" Vary Accept-Encoding Content-Type application/x-javascript Accept-Ranges bytes Content-Length 1857
GET H/1.1	200 OK	layer.css ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/css/	7 KB 2 KB	84ms 52ms	Stylesheet text/css	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/css/layer.css Requested by Host: ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `bd7a73a5977d43a6d8a36b1675929e646fb55c266e8d97128a58ae5cd9b5cafc` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "c0cb7b9218d81:0" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 1929
GET H/1.1	200 OK	line.png ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/static/img/	2 KB 2 KB	52ms 52ms	Image image/png	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/static/img/line.png Requested by Host: ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "808e809218d81:0" Content-Type image/png Accept-Ranges bytes Content-Length 1872
GET H/1.1	200 OK	Primary Request / Show response wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	14 KB 3 KB	189ms 49ms	Document text/html	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Requested by Host: ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/3jitiaozhuan.js Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `d9467c8a35f4ac9e978b7c1243aeca104bb618f2c251c24c15401690f13f177d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer http://ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Response headers Content-Type text/html Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Accept-Ranges bytes ETag "80af469218d81:0" Vary Accept-Encoding Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Date Fri, 14 Jan 2022 08:07:46 GMT Content-Length 3039
GET H/1.1	200 OK	drop_ip.asp Show response wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	0 409 B	139ms 89ms	Script text/html	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/drop_ip.asp Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/html Cache-Control private Content-Length 119
GET H/1.1	200 OK	3jitiaozhuan.js Show response wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	1 KB 1 KB	103ms 53ms	Script application/x-javascript	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/3jitiaozhuan.js Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `fc4823690b726cc8fb57ed8f7af0e538936210486cb04bcbc2d1f2860bbe8e93` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "80836d9218d81:0" Vary Accept-Encoding Content-Type application/x-javascript Accept-Ranges bytes Content-Length 747
GET H/1.1	200 OK	jquery-1.9.1.min.js Show response wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/	90 KB 32 KB	103ms 53ms	Script application/x-javascript	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/jquery-1.9.1.min.js Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "80af469218d81:0" Vary Accept-Encoding Content-Type application/x-javascript Accept-Ranges bytes Content-Length 32880
GET H/1.1	200 OK	layer.js Show response wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/	3 KB 2 KB	105ms 54ms	Script application/x-javascript	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/layer.js Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `e638d65e345e5dce62ec180305e47d5d5afeb05584dd031b47bc091c5771ee2c` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "80af469218d81:0" Vary Accept-Encoding Content-Type application/x-javascript Accept-Ranges bytes Content-Length 1532
GET H/1.1	200 OK	layer.css wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/css/	7 KB 2 KB	94ms 54ms	Stylesheet text/css	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/css/layer.css Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `bd7a73a5977d43a6d8a36b1675929e646fb55c266e8d97128a58ae5cd9b5cafc` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "80af469218d81:0" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 1445
GET H/1.1	200 OK	line.png wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/static/img/	2 KB 2 KB	47ms 47ms	Image image/png	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Show image Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/static/img/line.png Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `f18b347f123b0c3294489d5531e833f3e5ab2643419e2813ced3ff56e1071e02` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "808e809218d81:0" Content-Type image/png Accept-Ranges bytes Content-Length 1872
GET H/1.1	200 OK	layer.css wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/need/	7 KB 2 KB	52ms 52ms	Stylesheet text/css	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/need/layer.css?2.0 Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/app/js/layer.js Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `86f39f03f5df27a6b7af2bcbf9a7cd1b329240a5b7c9b4a2776c07c712a7dfb6` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Fri, 14 Jan 2022 08:07:46 GMT Content-Encoding gzip Last-Modified Thu, 13 Jan 2022 01:58:19 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET ETag "80af469218d81:0" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 1445
GET H/1.1	200 OK	online.asp Show response wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/ Frame 123B	143 B 444 B	90ms 90ms	Document text/html	175.41.17.30 XLC-AS-AP XLC GLOBAL
General Check archive.org Show headers Download Go to Full URL http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/online.asp Requested by Host: wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia URL: http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Protocol HTTP/1.1 Server 175.41.17.30 , Hong Kong, ASN9744 (XLC-AS-AP XLC GLOBAL, HK), Reverse DNS Software Microsoft-IIS/7.5 / ASP.NET Resource Hash `d1e87b047c88ddb333e9be9151184a6d3c37b4350268fb2fc63f67f105b3c111` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer http://wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/?time=1642147667739 Response headers Cache-Control private Content-Type text/html Content-Encoding gzip Vary Accept-Encoding Server Microsoft-IIS/7.5 X-Powered-By ASP.NET Date Fri, 14 Jan 2022 08:07:46 GMT Content-Length 221

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Line (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	1969-12-31 23:59:59	Name: ASPSESSIONIDQQDRDRQR Value: DEMFNLIAALOFPAHDHJICMBAG
			wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia/	1969-12-31 23:59:59	Name: ASPSESSIONIDQQDRDRQR Value: EEMFNLIAJLMIMPIAGMIMBBGL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia
wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia
175.41.17.30
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734
86f39f03f5df27a6b7af2bcbf9a7cd1b329240a5b7c9b4a2776c07c712a7dfb6
bd7a73a5977d43a6d8a36b1675929e646fb55c266e8d97128a58ae5cd9b5cafc
d1e87b047c88ddb333e9be9151184a6d3c37b4350268fb2fc63f67f105b3c111
d9467c8a35f4ac9e978b7c1243aeca104bb618f2c251c24c15401690f13f177d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e638d65e345e5dce62ec180305e47d5d5afeb05584dd031b47bc091c5771ee2c
f18b347f123b0c3294489d5531e833f3e5ab2643419e2813ced3ff56e1071e02
fc4823690b726cc8fb57ed8f7af0e538936210486cb04bcbc2d1f2860bbe8e93

wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia Open in urlscan Pro 175.41.17.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

1 IPs

1 Countries

97 kBTransfer

243 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

2 Cookies

Indicators

wh5pfwg.ncg6.njnse3a.kmmhtke.iw7bikz3dd.dd.eo6z1on.asia Open in urlscan Pro
175.41.17.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

97 kB
Transfer

243 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!